Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Invalid

No event for totalAmount in `SablierFlow.depositViaBroker()`

Relevant GitHub Links

https://github.com/sablier-labs/flow/blob/9213c4eb38419be233bd74cdca7b6afb24cd7bcd/src/SablierFlow.sol#L672

Summary

The function `SablierFlow.depositViaBroker()` allows the sender to deposit funds into a stream through a broker, which sends fees to the broker address. The default deposit function `SablierFlow._deposit()` emits the event `ISablierFlow.DepositFlowStream` with the amount passed to it. `SablierFlow.depositViaBroker()` also uses `SablierFlow._deposit()` internally, but because of the broker fees the amount passed to `SablierFlow._deposit()` (and emitted in the `ISablierFlow.DepositFlowStream` event) is smaller than the total transferred amount. Because of that, there is no way to distinguish whether the user deposited via `SablierFlow.deposit()` or via `SablierFlow.depositViaBroker()`. This can matter for statistics, as they would show a different value even though the user deposited more.

Recommended Mitigation Steps

Add event for depositing via broker:

// Interaction: transfer the broker's amount.
_streams[streamId].token.safeTransferFrom({ from: msg.sender, to: broker.account, value: brokerFeeAmount });
+ emit ISablierFlow.DepositViaBroker({
+ streamId: streamId,
+ funder: msg.sender,
+ broker: broker.account,
+ brokerFee: brokerFeeAmount
+ });
}
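
Review bot: The proposed `DepositViaBroker` event, emitted after the `safeTransferFrom` to `broker.account`, carries `brokerFee` but not the `totalAmount` named in the title, so a consumer still has to join it with `DepositFlowStream` from the same transaction to get the full figure; consider adding a `totalAmount` (or the net deposit amount) field so the event is self-contained. The hunk also references `ISablierFlow.DepositViaBroker` without showing its declaration in the interface or which parameters would be `indexed`; both belong in the same change.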
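
The accounting gap described in the Summary, as an added example that is not part of the original submission or of Sablier's code: without a dedicated event, an off-chain statistics job has to correlate each `DepositFlowStream` log with ERC-20 `Transfer` logs from the same transaction to reconstruct the total. The log layout, the `DepositFlowStream` field names, the addresses and the `stream_token` lookup are assumptions, and the sample logs are constructed.

```python
from collections import defaultdict

FLOW, TOKEN = "0xFlow", "0xToken"  # placeholders, not real addresses

# Constructed, already-decoded logs. The dict layout and the DepositFlowStream
# field names (streamId, funder, amount) are assumptions for this example.
SAMPLE_LOGS = [
    # tx 0xaa: deposit() of 100
    {"tx": "0xaa", "addr": TOKEN, "event": "Transfer",
     "from": "0xAlice", "to": FLOW, "value": 100},
    {"tx": "0xaa", "addr": FLOW, "event": "DepositFlowStream",
     "streamId": 1, "funder": "0xAlice", "amount": 100},
    # tx 0xbb: depositViaBroker() of 100 in total, 1 of it going to the broker
    {"tx": "0xbb", "addr": TOKEN, "event": "Transfer",
     "from": "0xBob", "to": FLOW, "value": 99},
    {"tx": "0xbb", "addr": FLOW, "event": "DepositFlowStream",
     "streamId": 2, "funder": "0xBob", "amount": 99},
    {"tx": "0xbb", "addr": TOKEN, "event": "Transfer",
     "from": "0xBob", "to": "0xBroker", "value": 1},
]

def reconcile_deposits(logs, stream_token, flow=FLOW):
    """One row per DepositFlowStream log, with the total rebuilt from Transfers.

    stream_token maps streamId -> token address (assumed known to the indexer).
    """
    by_tx = defaultdict(list)
    for log in logs:
        by_tx[log["tx"]].append(log)
    rows = []
    for tx, tx_logs in by_tx.items():
        deposits = [l for l in tx_logs
                    if l["addr"] == flow and l["event"] == "DepositFlowStream"]
        for dep in deposits:
            # Heuristic: stream-token transfers from the funder to any address
            # other than the Flow contract are treated as the broker fee.
            side = sum(l["value"] for l in tx_logs
                       if l["event"] == "Transfer"
                       and l["addr"] == stream_token.get(dep["streamId"])
                       and l["from"] == dep["funder"] and l["to"] != flow)
            # Several deposits in one transaction cannot be split from logs alone.
            fee = None if len(deposits) > 1 else side
            rows.append({"tx": tx, "streamId": dep["streamId"],
                         "deposited": dep["amount"], "fee": fee,
                         "total": None if fee is None else dep["amount"] + fee})
    return rows
```

Both sample transactions reconcile to a total of 100 even though their `DepositFlowStream` amounts differ (100 and 99); the match is a heuristic, since any unrelated transfer by the funder in the same transaction would be counted as a fee.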
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
